no write permissions

Trevor Cordes (Trevor Cordes)
Tue Mar 27 22:47:06 2001


I need my CGI to encrypt some data with my public key.  I 
don't want the CGI (user apache, group apache) to require
write permissions on ANY file in order to do the encryption,
as I don't want any old CGI process to corrupt my files.

I was using pgp2.6.3 and that always required randseed.bin
to be writable.

I switched to gpg1.0.4 thinking that --no-random-seed-file
would do the trick.  But after experimenting it seems that
instead trustdb.gpg needs to be writable no matter what!

That's simply trading between two evils!

Is there a way I can invoke gpg so that it will work with
NO write perms on ANY files or directories?

Here's what my command line looks like now:

gpg -ea -z9 -r'Web Site Name' --always-trust --lock-never --batch